Tripwire Patch Priority Index for March 2024


Tripwire’s March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple.

First on the patch priority list are patches for the Windows Kernel and multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Up next are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use-after-free, out-of-bounds memory access, and inappropriate implementation vulnerabilities.

Next on the patch priority list this month is a patch for Microsoft Office that resolves an elevation of privilege vulnerability.

Next are patches that affect components of the core Windows operating system. These patches resolve over 40 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These vulnerabilities affect core Windows, Kernel, NTFS, UAS Protocol, Cloud Files Mini Filter Driver, ODBC Driver, Defender, Kerberos, and others.

Next up are patches for .NET, Visual Studio Code, and Azure Data Studio that resolve 2 elevation of privilege and 1 denial of service vulnerabilities.

Lastly, administrators should focus on server-side patches for Exchange Server, Dynamics, SharePoint, Hyper-V, and Microsoft Django Backend for SQL Server. These patches resolve several issues, including remote code execution, cross-site scripting, and denial of service vulnerabilities.

| BULLETIN | CVE |
| --- | --- |
| KEV | CVE-2024-21338, CVE-2024-23296, CVE-2024-23225 |
| Microsoft Edge (Chromium-based) | CVE-2024-2173, CVE-2024-2174, CVE-2024-2176 |
| Microsoft Office | CVE-2024-26199 |
| Windows | CVE-2024-26169, CVE-2024-21430, CVE-2024-21330, CVE-2024-21334, CVE-2024-21436, CVE-2024-26160, CVE-2024-21445, CVE-2024-21442, CVE-2024-21437, CVE-2024-26181, CVE-2024-21443, CVE-2024-26182, CVE-2024-26176, CVE-2024-26178, CVE-2024-26173, CVE-2024-26177, CVE-2024-26174, CVE-2024-26197, CVE-2024-21439, CVE-2024-26159, CVE-2024-21440, CVE-2024-26162, CVE-2024-21434, CVE-2024-26185, CVE-2023-28746, CVE-2024-21444, CVE-2024-21441, CVE-2024-26161, CVE-2024-21450, CVE-2024-26166, CVE-2024-21435, CVE-2024-20671, CVE-2024-26190, CVE-2024-21451, CVE-2024-21427, CVE-2024-21432, CVE-2024-21411, CVE-2024-21433, CVE-2024-26170, CVE-2024-21429, CVE-2024-21446, CVE-2024-21438, CVE-2024-21390 |
| .NET | CVE-2024-21392 |
| Visual Studio Code | CVE-2024-26165 |
| Azure Data Studio | CVE-2024-26203 |
| Microsoft Exchange Server | CVE-2024-26198 |
| Microsoft Dynamics | CVE-2024-21419 |
| Microsoft Office SharePoint | CVE-2024-21426 |
| Role: Windows Hyper-V | CVE-2024-21408, CVE-2024-21407 |
| Microsoft Django Backend for SQL Server | CVE-2024-26164 |


